Properly define hal_codec2 and related policies Test: make cts -j123 && cts-tradefed run cts-dev -m \ CtsMediaTestCases --compatibility:module-arg \ CtsMediaTestCases:include-annotation:\ android.platform.test.annotations.RequiresDevice Bug: 131677974 Change-Id: I59c3d225499a8c53c2ed9f3bd677ff3d7423990b

commit: 609c243dd0a361a0a00566b20c9bb2c6bf0f006f [log] [tgz]
author: Pawin Vongmasa <pawin@google.com> Tue Apr 30 05:09:28 2019 -0700
committer: Pawin Vongmasa <pawin@google.com> Thu May 23 03:53:47 2019 -0700
tree: 978758ab5b241936e04b29496c49eb4237cc2e79
parent: 676d9590f4f48e9f4af6505e4a9a54f0125edbab [diff] [blame]
diff --git a/public/hal_codec2.te b/public/hal_codec2.te
new file mode 100644
index 0000000..60cd3b0
--- /dev/null
+++ b/public/hal_codec2.te

@@ -0,0 +1,22 @@
+binder_call(hal_codec2_client, hal_codec2_server)
+binder_call(hal_codec2_server, hal_codec2_client)
+
+hal_attribute_hwservice(hal_codec2, hal_codec2_hwservice)
+
+# The following permissions are added to hal_codec2_server because vendor and
+# vndk libraries provided for Codec2 implementation need them.
+
+# Allow server access to composer sync fences
+allow hal_codec2_server hal_graphics_composer:fd use;
+
+# Allow both server and client access to ion
+allow hal_codec2_server ion_device:chr_file r_file_perms;
+
+# Allow server access to camera HAL's fences
+allow hal_codec2_server hal_camera:fd use;
+
+# Receive gralloc buffer FDs from bufferhubd.
+allow hal_codec2_server bufferhubd:fd use;
+
+allow hal_codec2_client ion_device:chr_file r_file_perms;
+
commit	609c243dd0a361a0a00566b20c9bb2c6bf0f006f	[log] [tgz]
author	Pawin Vongmasa <pawin@google.com>	Tue Apr 30 05:09:28 2019 -0700
committer	Pawin Vongmasa <pawin@google.com>	Thu May 23 03:53:47 2019 -0700
tree	978758ab5b241936e04b29496c49eb4237cc2e79
parent	676d9590f4f48e9f4af6505e4a9a54f0125edbab [diff] [blame]